Digital Warfare: TAU on the Frontline
What if a hidden microphone placed next to a laptop could steal its encrypted data? Or a terrorist organization could hack into the national electricity grid and shut it down? These scenarios are far from science fiction. They are just some of the potential attacks that threaten cyber space and could seriously damage the networks we rely on to communicate and travel, power our homes, run our economy, and provide essential government services. As the number of mobile users, digital applications and data networks increases, so too do the opportunities for exploitation.
At TAU, some 30 groups across five faculties are integrating computer science, engineering and national security studies to advance cyber research and transfer their knowledge to decision makers in the government and to commercial security technology firms. “In the ongoing cyber war, the best form of defense is pioneering technology,” says Prof. Yossi Azar, Head of TAU’s Blavatnik School of Computer Science. “At TAU we have one of the strongest and most diversified cyber teams in Israel.” TAU researchers are conducting projects in fields ranging from doomsday cryptography, secure cloud computation and more efficient verifiability, to data anomaly and malware detection, user-controllable privacy, and recognition technologies for video surveillance.
The University is also establishing a national cyber center, partially funded by the Israeli Prime Minister’s Office, for coordinating interdisciplinary study programs, research, policy analysis, industry partnerships and international collaborations in the field of cyber security.
Flipping the nation’s switch
One of the more ominous scenarios for a government is a cyber-attack by a terrorist group or rogue state on the national electricity grid. This could potentially bring a nation to its knees, causing large-scale damage to life, property and essential services. Prof. Avishai Wool of TAU’s Fleischman Faculty of Engineering is developing a system that could help identify potentially malicious intrusions on the grid and prevent them. “Twenty years ago, if you wanted to shut down the power system you had to attack it physically,” says Wool. “Today it’s quite plausible that an attacker armed with nothing but a computer and network connection could hack into the power system or cause an explosion in a chemical plant. This has now become a white-collar crime – you can do it without being detected or getting your hands dirty,” he says.
Using TAU’s own independent electricity grid as a live experimental model, Wool’s system automatically evaluates the communications patterns on the grid and flags those incidents that are normal and those that are potentially malicious. The technique’s advantage is that it achieves a far lower false alarm rate than other known systems.
If shutting down the power grid sounds threatening in the abstract, a more concrete and everyday threat is one that could block access to popular websites – whether banking storefronts or consumer sites. If, for example, an online gaming site wants to block access to a competitor’s site, all it has to do is bombard that site with traffic until its servers crash under the load. Such strikes are known as “distributed denial of service” (DDoS) attacks, and their source is almost impossible to identify.
Now, Shir Landau-Feibish, a doctoral student in computer science under Prof. Yehuda Afek of the Blavatnik School, has developed a unique tool for revealing the footprint of certain DDoS attacks and preventing them from being repeated. To do so, her team, in cooperation with Prof. Anat Bremler-Barr of the Interdisciplinary Center in Herzliya, has devised a “double heavy hitters algorithm” that is capable of finding the smallest set of signatures – digital codes identifying the sender – required to detect 99% of the attack messages. Landau-Feibish explains that about 20% of the world’s computers are part of a botnet – armies of zombie computers that are controlled by an attacker who can direct high volume traffic to a targeted site. These strikes fly in under the radar because they come from multiple computers and appear normal.
“Regular computer security companies need time to sift through the traffic to find what’s illegitimate. Meanwhile, your site is gridlocked and you’re losing your customers,” Landau-Feibish says. The TAU algorithm is innovative in that it can be applied to extracting malicious signatures from textual data as well as numerical data. The disruptive messages can then be blocked. “When our system is installed on the security company’s mitigation devices, it’s on call rather than the company being on call,” she says. The research is supported by the Kabarnit-Cyber Consortium under the Magnet program, funded by the Chief Scientist of the Israel Ministry of Industry, Trade and Labor.
Israeli Prime Minister Benjamin Netanyahu speaking at TAU's third annual International Cyber Security Conference, 2013.
Letting big data do the work
Of the half a million attacks per second occurring in cyber space, the majority can’t be detected by traditional computer security systems, says Prof. Amir Averbuch of the Blavatnik School of Computer Science. Traditional defense systems that work by scanning the contents of computer files and cross-referencing their contents with the “code signatures” belonging to known viruses are ineffective, as are rule-based systems such as firewalls, notes Averbuch. “These systems don’t catch ‘zero-day attacks’ – ones that exploit unknown software vulnerabilities. They can only detect yesterday’s attacks – ones they know they’re looking for,” says Averbuch. Today, communications networks and social media are accumulating huge amounts of data. Google and Facebook each amass two terabytes of compressed data a day. “The challenge is how to extract intelligence from big data. It’s a hot topic,” says Averbuch.
The TAU team has developed a program that enables big data to generate the algorithms that detect anomalies in zero-day attacks. The algorithms are based on a randomized scanning of the data and are therefore not biased by any foreknowledge. “We try to ascertain the geometry of the data and then understand who is deviating from normal behavior. We then perform a forensic investigation on this abnormality to see whether it’s malicious or not,” says Averbuch.
In the cloud
Increasingly, companies and organizations are outsourcing their computer operations to the cloud, especially large service providers such as Amazon. The cloud is cheaper and faster, but is it secure? “Not so,” says Dr. Eran Tromer of TAU’s Blavatnik School, a specialist in cloud computing. “Data entrusted to the cloud may be corrupted or leaked, either by the cloud service provider or by malicious customers.” “The research challenge is to construct verifiable mechanisms that base the security of remote computation on mathematical evidence rather than sweet promises,” says Tromer. Collaborating with MIT and the Technion, Tromer’s team is developing a “SNARK” – software that compiles computer programs into a more secure version and that ensures integrity of computation by associating data with succinct mathematical proof of its validity. This could be a game changer in the field of computer security, Tromer believes.
In a spinoff project with Johns Hopkins University, Tromer and his team are developing “Zerocash,” a system that ensures anonymity in digital currency transactions such as Bitcoin, while again ensuring validity. Tromer’s research is supported by TAU’s Check Point Institute for Information Security, the Israel Ministry of Science, the I-CORE for Excellence in Algorithms and the Leona M. and Harry B. Helmsley Charitable Trust.
On the policy front
The cyber domain has brought to the fore complex security and policy related challenges. TAU has taken a leading role in addressing these issues through the Yuval Ne’eman Workshop for Science, Technology and Security. In 2011, Workshop Head Major Gen. (res.) Prof. Isaac Ben-Israel was approached by Prime Minister Benjamin Netanyahu to review Israeli national cyber policy. Ben-Israel submitted a report, adopted by the government, that included setting up a new National Cyber Bureau.
Foremost among Ben-Israel’s recommendations was to position Israel as one of the top five global powers in cyber expertise by 2015. Ben-Israel feels that “innovative technology against cyber-attacks is not enough without some sort of government involvement and regulation. As cyber warfare becomes a national and societal problem, there is a need to advise decision-makers on the formulation of standards. This is where you need the input of policy experts, ethicists, economists and human rights specialists.” The Workshop conducts research in the cyber sphere and holds a high-buzz annual conference on cyber security. Last year’s conference brought together key figures from Israel and abroad and hosted President Shimon Peres and Prime Minister Netanyahu.
Yuval Ne’eman Workshop Research Associate Lior Tabansky, a PhD candidate in political science under Professors Ben-Israel and Azar Gat, says, “Cyber attacks bypass the whole apparatus of borders, armies and traditional infrastructures that are supposed to protect society. Maybe in ten years’ time we’ll be able to build borders in cyber space as well. Meanwhile, we can try to understand the often neglected social and political aspects of cyber security and engender new perspectives in the humanities and social sciences.”